Info

Disclosure

Feb 27, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Feb 27, 2008

Description

SCO UnixWare pkgadd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker exploits 'pkgadd'. This flaw may lead to a loss of Confidentiality.

Classification

Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.

Products

SCO Group, Inc.

UnixWare

7.1.4

References

Security Tracker: 1019787
CVE ID: 2008-0310 (see also: NVD) 2008-1343 (see also: NVD)
Secunia Advisory ID: 29370 29657
Milw0rm: 5355
Exploit Database: 5355
Other Advisory URL: ftp://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-04/0052.html
Vendor Specific Advisory URL: http://www.sco.com/support/update/download/release.php?rid=324

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/43109